General
-
Target
3126f43bc4bde16e2278b3086ca9df87_JaffaCakes118
-
Size
468KB
-
Sample
240510-1f1yasba3y
-
MD5
3126f43bc4bde16e2278b3086ca9df87
-
SHA1
495423e86b35c157ee390bd20318e8aee69c155c
-
SHA256
d92e6caa9ff8d9566cc1ff651b50033549d5d9126c5e37aabeb5c43820b0a9f2
-
SHA512
1493606ac3b2ab9fd3ff107a4825e2adf1fe06ebba42b55e510262ea871e3f41c86c97b5b4df3e538a79dd7a7350576620c18be26179719643fc7b623dab2728
-
SSDEEP
6144:69YUINbOruByC48NgCbg/0BGSG66OucChv6CtlNOzk+KbyNTU6oO:6JgGWyeaCVBGu6OubCCtTPbyNTUQ
Malware Config
Extracted
lokibot
https://via33.net.br/painel/host/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3126f43bc4bde16e2278b3086ca9df87_JaffaCakes118
-
Size
468KB
-
MD5
3126f43bc4bde16e2278b3086ca9df87
-
SHA1
495423e86b35c157ee390bd20318e8aee69c155c
-
SHA256
d92e6caa9ff8d9566cc1ff651b50033549d5d9126c5e37aabeb5c43820b0a9f2
-
SHA512
1493606ac3b2ab9fd3ff107a4825e2adf1fe06ebba42b55e510262ea871e3f41c86c97b5b4df3e538a79dd7a7350576620c18be26179719643fc7b623dab2728
-
SSDEEP
6144:69YUINbOruByC48NgCbg/0BGSG66OucChv6CtlNOzk+KbyNTU6oO:6JgGWyeaCVBGu6OubCCtTPbyNTUQ
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-